From 3a5a90007e7ad8942cd121cf410f7996ecb1e35a Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:23:09 +0300 Subject: MANAGE_GUILDS --- api/src/routes/guilds/#guild_id/index.ts | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'api/src/routes/guilds') diff --git a/api/src/routes/guilds/#guild_id/index.ts b/api/src/routes/guilds/#guild_id/index.ts index 991c3f93..8e1e74f7 100644 --- a/api/src/routes/guilds/#guild_id/index.ts +++ b/api/src/routes/guilds/#guild_id/index.ts @@ -1,5 +1,5 @@ import { Request, Response, Router } from "express"; -import { emitEvent, getPermission, Guild, GuildUpdateEvent, handleFile, Member } from "@fosscord/util"; +import { DiscordApiErrors, emitEvent, getPermission, getRights, Guild, GuildUpdateEvent, handleFile, Member } from "@fosscord/util"; import { HTTPError } from "lambert-server"; import { route } from "@fosscord/api"; import "missing-native-js-functions"; @@ -37,9 +37,17 @@ router.get("/", route({}), async (req: Request, res: Response) => { return res.send(guild); }); -router.patch("/", route({ body: "GuildUpdateSchema", permission: "MANAGE_GUILD" }), async (req: Request, res: Response) => { +router.patch("/", route({ body: "GuildUpdateSchema"}), async (req: Request, res: Response) => { const body = req.body as GuildUpdateSchema; const { guild_id } = req.params; + + + const rights = await getRight(req.user_id); + const permission = await getPermission(req.user_id, guild_id); + + if (!rights.has("MANAGE_GUILDS")||!permission.has("MANAGE_GUILD")) + throw DiscordApiErrors.MISSING_PERMISSIONS("MANAGE_GUILD"); + // TODO: guild update check image if (body.icon) body.icon = await handleFile(`/icons/${guild_id}`, body.icon); -- cgit 1.5.1 From a4e4d40bb967a73130363b134cf9072e08ea4d3f Mon Sep 17 00:00:00 2001 
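Review bot: The new guard in the PATCH handler, `if (!rights.has("MANAGE_GUILDS")||!permission.has("MANAGE_GUILD"))`, rejects the request unless the caller holds both the instance-wide right and the guild permission, so a guild manager without the instance right can no longer update their own guild, which the removed `permission: "MANAGE_GUILD"` route option allowed. If the right is meant as an operator override, which the commit subject hints at but the hunk does not state, the test should be `if (!rights.has("MANAGE_GUILDS") && !permission.has("MANAGE_GUILD"))`, with a comment saying which of the two is sufficient. How `getPermission` behaves for a user who is not a member of the guild is not visible here; if it throws, evaluate `rights` first so the override stays reachable. The same condition is carried unchanged through the later hunk at `@@ -42,11 +42,11 @@` (commit 88dd33a), and the handler body continues outside the hunk.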
From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:29:04 +0300 Subject: rights enforcement in guild create --- api/src/routes/guilds/index.ts | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'api/src/routes/guilds') diff --git a/api/src/routes/guilds/index.ts b/api/src/routes/guilds/index.ts index 7b676211..10721413 100644 --- a/api/src/routes/guilds/index.ts +++ b/api/src/routes/guilds/index.ts @@ -1,5 +1,5 @@ import { Router, Request, Response } from "express"; -import { Role, Guild, Snowflake, Config, Member, Channel, DiscordApiErrors, handleFile } from "@fosscord/util"; +import { Role, Guild, Snowflake, Config, getRights, Member, Channel, DiscordApiErrors, handleFile } from "@fosscord/util"; import { route } from "@fosscord/api"; import { ChannelModifySchema } from "../channels/#channel_id"; @@ -20,12 +20,13 @@ export interface GuildCreateSchema { //TODO: create default channel -router.post("/", route({ body: "GuildCreateSchema" }), async (req: Request, res: Response) => { +router.post("/", route({ body: "GuildCreateSchema", right: "CREATE_GUILDS" }), async (req: Request, res: Response) => { const body = req.body as GuildCreateSchema; const { maxGuilds } = Config.get().limits.user; const guild_count = await Member.count({ id: req.user_id }); - if (guild_count >= maxGuilds) { + const rights = await getRights(req.user_id); + if ((guild_count >= maxGuilds)&&!rights.has("MANAGE_GUILDS")) { throw DiscordApiErrors.MAXIMUM_GUILDS.withParams(maxGuilds); } -- cgit 1.5.1 From 88dd33a9a271ec73f9ce0beb8c5c8e662912fc68 Mon Sep 17 00:00:00 2001 From: binsky Date: Sat, 9 Apr 2022 04:12:16 +0200 Subject: fix MANAGE_GUILDS; rename getRight to getRights --- api/src/routes/guilds/#guild_id/index.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'api/src/routes/guilds') diff --git a/api/src/routes/guilds/#guild_id/index.ts b/api/src/routes/guilds/#guild_id/index.ts index 8e1e74f7..4ec3df72 100644 
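Review bot: The `MANAGE_GUILDS` exemption added to the limit check, `if ((guild_count >= maxGuilds)&&!rights.has("MANAGE_GUILDS"))`, lets holders of that right create guilds past `limits.user.maxGuilds` with no comment saying this is intended; a line such as `// holders of the MANAGE_GUILDS right are exempt from limits.user.maxGuilds` would make the quota bypass explicit and easier to audit. `getRights(req.user_id)` also runs on every request, although its result only matters once the limit is reached, and the `right: "CREATE_GUILDS"` route option presumably resolves the caller's rights already. Calling it inside the limit branch, `if (guild_count >= maxGuilds && !(await getRights(req.user_id)).has("MANAGE_GUILDS"))`, avoids the extra lookup. The handler continues past the end of the hunk.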
--- a/api/src/routes/guilds/#guild_id/index.ts +++ b/api/src/routes/guilds/#guild_id/index.ts @@ -42,11 +42,11 @@ router.patch("/", route({ body: "GuildUpdateSchema"}), async (req: Request, res: const { guild_id } = req.params; - const rights = await getRight(req.user_id); + const rights = await getRights(req.user_id); const permission = await getPermission(req.user_id, guild_id); if (!rights.has("MANAGE_GUILDS")||!permission.has("MANAGE_GUILD")) - throw DiscordApiErrors.MISSING_PERMISSIONS("MANAGE_GUILD"); + throw DiscordApiErrors.MISSING_PERMISSIONS.withParams("MANAGE_GUILD"); // TODO: guild update check image -- cgit 1.5.1 From 221f627f187e544159db38cf157a43369b3a98b2 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Sat, 16 Apr 2022 00:15:09 +0300 Subject: remove misleading todo note --- api/src/routes/guilds/#guild_id/members/index.ts | 1 - 1 file changed, 1 deletion(-) (limited to 'api/src/routes/guilds') diff --git a/api/src/routes/guilds/#guild_id/members/index.ts b/api/src/routes/guilds/#guild_id/members/index.ts index 386276c8..b730a4e7 100644 --- a/api/src/routes/guilds/#guild_id/members/index.ts +++ b/api/src/routes/guilds/#guild_id/members/index.ts @@ -6,7 +6,6 @@ import { HTTPError } from "lambert-server"; const router = Router(); -// TODO: not allowed for user -> only allowed for bots with privileged intents // TODO: send over websocket // TODO: check for GUILD_MEMBERS intent -- cgit 1.5.1